I know quite a few come to the help wanting to get “google docs”-like editing integrated into their Nextcloud setup, but the Collabora / LibreOffice / CODE route is just too complex, especially with the docker config and ports and ssl certificate requirements.
Well, there is hope. There has been a little bit of talk about integrating OnlyOffice’s document server into Nextcloud, and I must say, it works extremely well and it is quite easy. OnlyOffice can be deployed as a docker container, just like CODE, but it’s also available via package. You could install it on the same server as nextcloud and configure it to run on ports other than 80/443, or you can easily install it on a second server, such as onlyoffice.yourdomain.com, using packages. The later took me about 10 minutes start to finish, and I was editing spreadsheets on my owncloud server.
I threw together a quick guide. I’d love to spread the word on this and get people using it. This is the kind of thing that will help Nextcloud thrive!.
If you have questions feel free to ask and I’ll do my best to help. This method was much easier for me than the LibreOffice/CODE route. I ran into problem after problem after problem with it.
Hi, thanks for the manual, but my primary concern is still unanswered.
How can you prevent, that other nextcloud instances can use your onlyoffice installation?
dev0, I have the exact same concern. I’m digging into this to try to answer that question but haven’t made much progress yet. As for right now, the safest option is to use UFW to lock down access to port(s) 80/443 on the OnlyOffice server. On a local network this is not an issue.
Another option, if one is using a reverse proxy in front of their nextcloud server, is to use the same reverse proxy for OnlyOffice, and then use UFW to restrict access on the OnlyOffice server to the NextCloud server. I think this might also be possible, but I will have to confirm.
I will post back any updates as I come across them.
additional to that above you might get some Mails from abuse departements:
Multicast DNS (mDNS) is used for resolving host names to IP addresses
within small networks that do not include a local DNS server. It is
implemented for example by the Apple 'Bonjour' and Linux/BSD 'Avahi'
(nss-mdns) services. mDNS uses port 5353/udp.
Format: ASN | IP address | Timestamp (UTC) | Workstation info
ASN | IP | 2017-03-10 10:40:19 | onlyoffice [MAC]._workstation._tcp.local.
and
the Portmapper service (portmap, rpcbind) is required for mapping RPC
requests to a network service. The Portmapper service is needed e.g.
for mounting network shares using the Network File System (NFS).
The Portmapper service runs on port 111 tcp/udp.
So this software is better suited in a local area network then in a WAN
Sure thats nothing that iptables can’t lock down, but not everyone knows that tool so well.